Edward Snowden revelations: GCHQ ‘using online viruses and honey traps to discredit targets’

Documents released by the American former CIA employee claim that the agency is at the forefront of efforts to develop “offensive” online techniques

Cahal Milmo
Sunday 09 February 2014 18:46 GMT
NSA whistleblower Edward Snowden
NSA whistleblower Edward Snowden

Britain’s GCHQ has a covert unit which uses dirty tricks from “honey trap” sexual liaisons to texting anonymous messages to friends and neighbours to discredit targets from hackers to governments, according to the latest leaks from whistleblower Edward Snowden.

Documents released by the American former CIA employee claim that the Cheltenham-based intelligence agency is at the forefront of efforts to develop “offensive” online techniques for use against criminals, and individuals and regimes considered to pose a threat to national security.

The revelations on Sunday sparked criticism that GCHQ is adopting tactics used by illegal hackers, such as so-called denial of service (DoS) attacks to disable chatrooms, which have no clear authority under British law and may have infringed the rights of other internet users.

The Snowden documents, obtained by American broadcaster NBC, also provide evidence that GCHQ has moved beyond its role as a surveillance agency and now occupies operational territory more traditionally associated with its confreres, MI6 and MI5.

The covert GCHQ unit - the Joint Intelligence Threat Research Group (JTRIG) - runs what it terms an “Effects” programme against Britain’s enemies under what it calls the four Ds: “Deny/ Disrupt/ Degrade/ Deceive.” The mission of the unit is: “Using online techniques to make something happen in the real or cyber world.”

Slides from a 2012 presentation, marked Top Secret, outline JTRIG’s role in discrediting targets using both online techniques, such as using blogs to leak confidential information to companies or journalists, and “real life” methods like the honey trap - a time-honoured intelligence trick of luring an individual into a sexual encounter to gain information and leverage, potentially for blackmail.

Under the heading “Discredit a target”, one slide notes: “Honey trap; a great option. Very successful when it works. Get someone to go somewhere on the internet, or a physical location to be met by a ‘friendly face’.”

The agency also suggests accessing a target’s social networking accounts to replace their photograph, adding approvingly: “Photo change; you have been warned, ‘JTRIG is about!!’ Can take ‘paranoia’ to a whole new level.”

As well as sending emails and texts to colleagues and friends of an individual as part of “infiltration work”, the GCHQ unit details how it can discredit companies and “get another country to believe a ‘secret’” by passing off disinformation via computers.

The file also reveals that the agency has perfected software, codenamed Ambassadors Reception, which will “encrypt itself, delete all emails, encrypt all files, make screen shake, no more log on”.

The virus, which is used alongside DoS attacks, appears to have been widely deployed with considerable success. The document adds: “Has been used in a variety of different areas, very effective.”

Civil liberties campaigners said the revelations, which follow the release of documents last week showing that DoS attacks were used by GCHQ to target so-called hacktivist groups such as Anonymous, added weight to calls for closer control of intelligence agencies.

A Privacy International spokesman said: “Whether it's mass interception of data through undersea cable tapping or cyber attacks, it has become clear that the current legal framework governing intelligence activities in the UK is unfit for purpose in the modern digital era, and reform is urgently needed. Given the deeply flawed nature of this present investigation by the ISC, we hope that a full and independent inquiry is called. Without explaining the application and interpretation of the current legal framework, the ISC cannot properly reassure the public that UK intelligence agencies have not acted beyond the law or undermined cyber security.”

Jake Davis, a former computer hacker who was targeted by GCHQ and jailed last year for attacks on several websites, said: “When we look at what Western governments are doing - snooping on our emails, infecting our computers, intercepting our phone communications, following our avatars around in online games, encouraging illicit activity and even engaging in their own illicit activity - we have to ask ourselves: who are the real criminals here?

”Throughout the Snowden revelations, GCHQ has insisted its activities are within the law and the subject of ministerial and parliamentary scrutiny.The documents show the techniques developed by JTRIG to block a target’s communications have been used in Afghanistan against the Taliban, sending text messages and calls to enemy fighters at a rate of one per minute. The unit has also been active in preventing the spread of nuclear weapons technology. NBC claimed that British intelligence agencies were involved in the attack in 2010 on Iran’s atomic facilities using the Stuxnet virus.

GCHQ did not comment on the latest documents. In a statement, the agency said: “All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in